MCPcopy Index your code
hub / github.com/dwisiswant0/crlfuzz

github.com/dwisiswant0/crlfuzz @v1.4.1

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.4.1 ↗ · + Follow
20 symbols 52 edges 12 files 10 documented · 50%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

CRLFuzz

made-with-Go go-report license contributions welcome godoc

A fast tool to scan CRLF vulnerability written in Go


Resources

Installation

from Binary

The installation is easy. You can download a prebuilt binary from releases page, unpack and run! or with

▶ curl -sSfL https://git.io/crlfuzz | sh -s -- -b /usr/local/bin

from Source

If you have go1.13+ compiler installed and configured:

▶ GO111MODULE=on go get -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz

In order to update the tool, you can use -u flag with go get command.

from GitHub

▶ git clone https://github.com/dwisiswant0/crlfuzz
▶ cd crlfuzz/cmd/crlfuzz
▶ go build .
▶ mv crlfuzz /usr/local/bin

Usage

Basic Usage

Simply, CRLFuzz can be run with:

▶ crlfuzz -u "http://target"

Flags

▶ crlfuzz -h

This will display help for the tool. Here are all the switches it supports.

Flag Description
-u, --url Define single URL to fuzz
-l, --list Fuzz URLs within file
-X, --method Specify request method to use (default: GET)
-o, --output File to save results
-d, --data Define request data
-H, --header Pass custom header to target
-x, --proxy Use specified proxy to fuzz
-c, --concurrent Set the concurrency level (default: 25)
-s, --silent Silent mode
-v, --verbose Verbose mode
-V, --version Show current CRLFuzz version
-h, --help Display its help

Target

You can define a target in 3 ways:

Single URL

▶ crlfuzz -u "http://target"

URLs from list

▶ crlfuzz -l /path/to/urls.txt

from Stdin

In case you want to chained with other tools.

▶ subfinder -d target -silent | httpx -silent | crlfuzz

Method

By default, CRLFuzz makes requests with GET method. If you want to change it, you can use the -X flag.

▶ crlfuzz -u "http://target" -X "GET"

Output

You can also save fuzzing results to a file with -o flag.

▶ crlfuzz -l /path/to/urls.txt -o /path/to/results.txt

Data

If you want to send a data request using POST, DELETE. PATCH or other methods, you just need to use -d flag.

▶ crlfuzz -u "http://target" -X "POST" -d "data=body"

Adding Headers

May you want to use custom headers to add cookies or other header parts.

▶ crlfuzz -u "http://target" -H "Cookie: ..." -H "User-Agent: ..."

Using Proxy

Using a proxy, proxy string can be specified with a protocol:// prefix to specify alternative proxy protocols.

▶ crlfuzz -u "http://target" -x http://127.0.0.1:8080

Concurrency

Concurrency is the number of fuzzing at the same time. Default value CRLFuzz provide is 25, you can change it by using -c flag.

▶ crlfuzz -l /path/to/urls.txt -c 50

Silent

If you activate this silent mode with the -s flag, you will only see vulnerable targets.

▶ crlfuzz -l /path/to/urls.txt -s | tee vuln-urls.txt

Verbose

Unlike silent mode, it will display error details if there is an error with the -v flag.

▶ crlfuzz -l /path/to/urls.txt -v

Version

To display the current version of CRLFuzz with the -V flag.

▶ crlfuzz -V

Library

You can use CRLFuzz as a library.

package main

import (
    "fmt"

    "github.com/dwisiswant0/crlfuzz/pkg/crlfuzz"
)

func main() {
    target := "http://target"
    method := "GET"

    // Generates a potentially CRLF vulnerable URLs
    for _, url := range crlfuzz.GenerateURL(target) {
        // Scan against target
        vuln, err := crlfuzz.Scan(url, method, "", []string{}, "")
        if err != nil {
            panic(err)
        }

        if vuln {
            fmt.Printf("VULN! %s\n", url)
        }
    }
}

Help & Bugs

If you are still confused or found a bug, please open the issue. All bug reports are appreciated, some features have not been tested yet due to lack of free time.

License

CRLFuzz released under MIT. See LICENSE for more details.

Version

Current version is 1.4.0 and still development.

Core symbols most depended-on inside this repo

Exit
called by 4
pkg/errors/errors.go
Show
called by 4
pkg/errors/errors.go
String
called by 2
internal/runner/options.go
showBanner
called by 2
internal/runner/banner.go
Client
called by 1
pkg/request/client.go
GenerateURL
called by 1
pkg/crlfuzz/generator.go
Scan
called by 1
pkg/crlfuzz/crlfuzz.go
isVuln
called by 1
pkg/crlfuzz/crlfuzz.go

Shape

Function 14
Method 4
Struct 1
TypeAlias 1

Languages

Go100%

Modules by API surface

internal/runner/options.go6 symbols
internal/runner/validator.go3 symbols
pkg/errors/errors.go2 symbols
pkg/crlfuzz/crlfuzz.go2 symbols
internal/runner/runner.go2 symbols
pkg/request/client.go1 symbols
pkg/crlfuzz/generator.go1 symbols
internal/runner/version.go1 symbols
internal/runner/banner.go1 symbols
cmd/crlfuzz/main.go1 symbols

For agents

$ claude mcp add crlfuzz \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page